Dirac on a vm at cern
From GridPP Wiki
Revision as of 11:29, 10 September 2014 by Daniela Bauer 3919d55ff4 (Talk | contribs)
Contents
Launching a virtual machine at CERN
- Use openstack at CERN.
- Change "Current Project" to your username.
- Click on "Instances" and then on "Launch Instance"
- Upload public ssh key (cut and paste will do), if not already done so, in the Access & Security tab
- Choose "Any Availability Zone", "m1.medium" and "Boot from Image"
- As image I am currently trying "SLC6 Server x86_64" (diractest2) and "SLC6 CERN Server x86_64" (diractest)
- Click "Launch"
Getting a hostcert for a virtual machine
- Once the machine is up and running, you can log on as root via lxplus.cern.ch
- Go to the new CERN CA
Click on "New host certificate"
If it whinges about having to see your cert, ignore it, it will ask for it sooner or later. Your user cert should be in your browser at that point though. Click again on "host cert". This time hopefully it works.
Under "Host selection" you should find your virtual machine. Click "Request"
- Run the command it gives on your virtual machine and paste the output back (i.e. follow the instructions given on the webpage)
openssl req -new -subj "/CN=diractest2.cern.ch" -out newcsr.csr -nodes -sha512 -newkey rsa:2048
This should take you to a page "Certificate issued". Follow the instructions.
- Make a backup and save it somewhere other than your virtual machine:
openssl pkcs12 -export -inkey privkey.pem -in host-diractest.cert -out diractest.p12
Setting up the CAs
- wget http://repository.egi.eu/sw/production/cas/1/current/repo-files/EGI-trustanchors.repo -O /etc/yum.repos.d/EGI-trustanchors.repo
- yum install ca-policy-egi-core
Setting up a UI
(Let's go with EMI3, even though we will need the EMI2 vomsclients.)
- Get the repos:
wget http://www.nic.funet.fi/pub/mirrors/fedora.redhat.com/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm rpm -i epel-release-6-8.noarch.rpm wget http://emisoft.web.cern.ch/emisoft/dist/EMI/3/sl6/x86_64/base/emi-release-3.0.0-2.el6.noarch.rpm yum localinstall emi-release-3.0.0-2.el6.noarch.rpm
- epel needs to have priority over the system repos, otherwise the install fails with "emi.saga-adapter.isn-cpp-1.0.3-1.sl6.x86_64 (EMI-3-base) Requires: libxerces-c-3.0.so()(64bit)"
- yum install emi-ui
- Get the EMI2 voms clients
yum shell list *voms* erase voms-clients3.noarch install voms-clients.x86_64 run exit
